[civicrm-core.git] / CRM / Utils / Request.php

<?php
/*
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC. All rights reserved.                        |
 |                                                                    |
 | This work is published under the GNU AGPLv3 license with some      |
 | permitted exceptions and without any warranty. For full license    |
 | and copyright information, see https://civicrm.org/licensing       |
 +--------------------------------------------------------------------+
 */

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC https://civicrm.org/licensing
 */

/**
 * Class for managing a http request
 */
class CRM_Utils_Request {

  /**
   * Get a unique ID for the request.
   *
   * This unique ID is assigned to mysql when the connection is opened and is
   * available in PHP.
   *
   * The intent is that it is available for logging purposes and for triggers.
   *
   * The resulting string is 17 characters long. This consists of 13 characters of uniqid
   * and 4 more random characters.
   *
   * Uniqid is unique to the microsecond - to make it more unique we add 4 more characters
   * but stop short of the full 23 character string that a prefix would generate.
   *
   * It is intended that this string will be saved to log tables so striking a balance between
   * uniqueness and length is important. Note that I did check & lining up with byte values
   * (e.g 16 characters) does not confer any benefits. Using a CHAR field rather than VARCHAR
   * may improve speed, if indexed.
   *
   * @return string
   */
  public static function id() {
    if (!isset(\Civi::$statics[__CLASS__]['id'])) {
      \Civi::$statics[__CLASS__]['id'] = uniqid() . CRM_Utils_String::createRandom(CRM_Utils_String::ALPHANUMERIC, 4);
    }
    return \Civi::$statics[__CLASS__]['id'];
  }

  /**
   * Retrieve a value from the request (GET/POST/REQUEST)
   *
   * @param string $name
   *   Name of the variable to be retrieved.
   * @param string $type
   *   Type of the variable (see CRM_Utils_Type for details).
   * @param object $store
   *   Session scope where variable is stored.
   * @param bool $abort
   *   TRUE, if the variable is required.
   * @param mixed $default
   *   Default value of the variable if not present.
   * @param string $method
   *   Where to look for the variable - 'GET', 'POST' or 'REQUEST'.
   * @param bool $isThrowException
   *   Should a an exception be thrown rather than a fatal.
   *
   * @return mixed
   *   The value of the variable
   *
   * @throws \CRM_Core_Exception
   */
  public static function retrieve($name, $type, &$store = NULL, $abort = FALSE, $default = NULL, $method = 'REQUEST', $isThrowException = TRUE) {

    $value = NULL;
    switch ($method) {
      case 'GET':
        $value = self::getValue($name, $_GET);
        break;

      case 'POST':
        $value = self::getValue($name, $_POST);
        break;

      default:
        $value = self::getValue($name, $_REQUEST);
        break;
    }

    if (isset($value)) {
      $value = CRM_Utils_Type::validate($value, $type, $abort, $name);
    }

    if (!isset($value) && $store) {
      $value = $store->get($name);
    }

    if (!isset($value) && $abort) {
      if ($isThrowException) {
        throw new CRM_Core_Exception(ts("Could not find valid value for %1", [1 => $name]));
      }
      CRM_Core_Error::fatal(ts("Could not find valid value for %1", [1 => $name]));
    }

    if (!isset($value) && $default) {
      $value = $default;
    }

    // minor hack for action
    if ($name == 'action') {
      if (!is_numeric($value) && is_string($value)) {
        $value = CRM_Core_Action::resolve($value);
      }
    }

    if (isset($value) && $store) {
      $store->set($name, $value);
    }

    return $value;
  }

  /**
   * @param string $name
   *   Name of the variable to be retrieved.
   *
   * @param array $method - '$_GET', '$_POST' or '$_REQUEST'.
   *
   * @return mixed
   *   The value of the variable
   */
  protected static function getValue($name, $method) {
    if (isset($method[$name])) {
      return $method[$name];
    }
    // CRM-18384 - decode incorrect keys generated when &amp; is present in url
    foreach ($method as $key => $value) {
      if (strpos($key, 'amp;') !== FALSE) {
        $method[str_replace('amp;', '', $key)] = $method[$key];
        if (isset($method[$name])) {
          return $method[$name];
        }
        else {
          continue;
        }
      }
    }
    return NULL;
  }

  /**
   * @deprecated
   *
   * We should use a function that checks url values.
   *
   * This is a replacement for $_REQUEST which includes $_GET/$_POST
   * but excludes $_COOKIE / $_ENV / $_SERVER.
   *
   * @return array
   */
  public static function exportValues() {
    // For more discussion of default $_REQUEST handling, see:
    // http://www.php.net/manual/en/reserved.variables.request.php
    // http://www.php.net/manual/en/ini.core.php#ini.request-order
    // http://www.php.net/manual/en/ini.core.php#ini.variables-order

    $result = [];
    if ($_GET) {
      $result = array_merge($result, $_GET);
    }
    if ($_POST) {
      $result = array_merge($result, $_POST);
    }
    return $result;
  }

  /**
   * Retrieve a variable from the http request.
   *
   * @param string $name
   *   Name of the variable to be retrieved.
   * @param string $type
   *   Type of the variable (see CRM_Utils_Type for details).
   *   Most common options are:
   *   - 'Integer'
   *   - 'Positive'
   *   - 'CommaSeparatedIntegers'
   *   - 'Boolean'
   *   - 'String'
   *
   * @param mixed $defaultValue
   *   Default value of the variable if not present.
   * @param bool $isRequired
   *   Is the variable required for this function to proceed without an exception.
   * @param string $method
   *   Where to look for the value - GET|POST|REQUEST
   *
   * @return mixed
   * @throws \CRM_Core_Exception
   */
  public static function retrieveValue($name, $type, $defaultValue = NULL, $isRequired = FALSE, $method = 'REQUEST') {
    $null = NULL;
    return CRM_Utils_Request::retrieve((string) $name, (string) $type, $null, (bool) $isRequired, $defaultValue, $method, TRUE);
  }

  /**
   * Retrieve the component from the action attribute of a form.
   *
   * Contribution Page forms and Event Management forms detect the value of a
   * component (and therefore the desired tab key) by reaching into the "action"
   * attribute of a form and reading the final item of the path. In WordPress,
   * however, the URL may be urlencoded, and so the URL may need to be decoded
   * before parsing it.
   *
   * @see https://lab.civicrm.org/dev/wordpress/issues/12#note_10699
   *
   * @param array $attributes
   *   The form attributes array.
   *
   * @return string
   *   The desired value.
   */
  public static function retrieveComponent($attributes) {
    $url = $attributes['action'] ?? NULL;
    // Whilst the following is a fallible universal test for urlencoded URLs,
    // thankfully the "action" URL has a limited and predictable form and
    // therefore this comparison is sufficient for our purposes.
    if (rawurlencode(rawurldecode($url)) !== $url) {
      $value = strtolower(basename(rawurldecode($url)));
    }
    else {
      $value = strtolower(basename($url));
    }
    return $value;
  }

}
Commit	Line	Data
6a488035 TO	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
bc77d7c0	4	\| Copyright CiviCRM LLC. All rights reserved. \|
6a488035	5	\| \|
bc77d7c0 TO	6	\| This work is published under the GNU AGPLv3 license with some \|
	7	\| permitted exceptions and without any warranty. For full license \|
	8	\| and copyright information, see https://civicrm.org/licensing \|
6a488035	9	+--------------------------------------------------------------------+
d25dd0ee	10	*/
6a488035 TO	11
	12	/**
	13	*
	14	* @package CRM
ca5cec67	15	* @copyright CiviCRM LLC https://civicrm.org/licensing
6a488035 TO	16	*/
	17
	18	/**
50bfb460	19	* Class for managing a http request
6a488035 TO	20	*/
	21	class CRM_Utils_Request {
	22
40101d37	23	/**
	24	* Get a unique ID for the request.
	25	*
	26	* This unique ID is assigned to mysql when the connection is opened and is
	27	* available in PHP.
	28	*
	29	* The intent is that it is available for logging purposes and for triggers.
	30	*
	31	* The resulting string is 17 characters long. This consists of 13 characters of uniqid
	32	* and 4 more random characters.
	33	*
	34	* Uniqid is unique to the microsecond - to make it more unique we add 4 more characters
	35	* but stop short of the full 23 character string that a prefix would generate.
	36	*
	37	* It is intended that this string will be saved to log tables so striking a balance between
	38	* uniqueness and length is important. Note that I did check & lining up with byte values
	39	* (e.g 16 characters) does not confer any benefits. Using a CHAR field rather than VARCHAR
	40	* may improve speed, if indexed.
	41	*
	42	* @return string
	43	*/
	44	public static function id() {
	45	if (!isset(\Civi::$statics[__CLASS__]['id'])) {
	46	\Civi::$statics[__CLASS__]['id'] = uniqid() . CRM_Utils_String::createRandom(CRM_Utils_String::ALPHANUMERIC, 4);
	47	}
	48	return \Civi::$statics[__CLASS__]['id'];
	49	}
	50
6a488035 TO	51	/**
	52	* Retrieve a value from the request (GET/POST/REQUEST)
	53	*
a3379cc1 AH	54	* @param string $name
	55	* Name of the variable to be retrieved.
	56	* @param string $type
	57	* Type of the variable (see CRM_Utils_Type for details).
	58	* @param object $store
	59	* Session scope where variable is stored.
	60	* @param bool $abort
	61	* TRUE, if the variable is required.
	62	* @param mixed $default
	63	* Default value of the variable if not present.
	64	* @param string $method
	65	* Where to look for the variable - 'GET', 'POST' or 'REQUEST'.
5e4ccea5	66	* @param bool $isThrowException
5e4ccea5	67	* Should a an exception be thrown rather than a fatal.
6a488035	68	*
a3379cc1 AH	69	* @return mixed
a3379cc1 AH	70	* The value of the variable
5e4ccea5	71	*
5e4ccea5	72	* @throws \CRM_Core_Exception
6a488035	73	*/
309310bf	74	public static function retrieve($name, $type, &$store = NULL, $abort = FALSE, $default = NULL, $method = 'REQUEST', $isThrowException = TRUE) {
6a488035 TO	75
	76	$value = NULL;
	77	switch ($method) {
	78	case 'GET':
00479d26	79	$value = self::getValue($name, $_GET);
6a488035 TO	80	break;
	81
	82	case 'POST':
00479d26	83	$value = self::getValue($name, $_POST);
6a488035 TO	84	break;
	85
	86	default:
00479d26	87	$value = self::getValue($name, $_REQUEST);
6a488035 TO	88	break;
	89	}
	90
8ae17a2d	91	if (isset($value)) {
8ae17a2d	92	$value = CRM_Utils_Type::validate($value, $type, $abort, $name);
6a488035 TO	93	}
	94
	95	if (!isset($value) && $store) {
	96	$value = $store->get($name);
	97	}
	98
	99	if (!isset($value) && $abort) {
5e4ccea5	100	if ($isThrowException) {
be2fb01f	101	throw new CRM_Core_Exception(ts("Could not find valid value for %1", [1 => $name]));
5e4ccea5	102	}
be2fb01f	103	CRM_Core_Error::fatal(ts("Could not find valid value for %1", [1 => $name]));
6a488035 TO	104	}
6a488035 TO	105
6ad0a621	106	if (!isset($value) && $default) {
6a488035 TO	107	$value = $default;
	108	}
	109
	110	// minor hack for action
25cdc89e MWMC	111	if ($name == 'action') {
	112	if (!is_numeric($value) && is_string($value)) {
	113	$value = CRM_Core_Action::resolve($value);
	114	}
6a488035 TO	115	}
	116
	117	if (isset($value) && $store) {
	118	$store->set($name, $value);
	119	}
	120
	121	return $value;
	122	}
ba56a28f	123
00479d26	124	/**
	125	* @param string $name
	126	* Name of the variable to be retrieved.
	127	*
	128	* @param array $method - '$_GET', '$_POST' or '$_REQUEST'.
	129	*
	130	* @return mixed
6714d8d2	131	* The value of the variable
00479d26	132	*/
5e4ccea5	133	protected static function getValue($name, $method) {
131cc2eb	134	if (isset($method[$name])) {
	135	return $method[$name];
	136	}
00479d26	137	// CRM-18384 - decode incorrect keys generated when & is present in url
00479d26	138	foreach ($method as $key => $value) {
131cc2eb	139	if (strpos($key, 'amp;') !== FALSE) {
00479d26	140	$method[str_replace('amp;', '', $key)] = $method[$key];
131cc2eb	141	if (isset($method[$name])) {
	142	return $method[$name];
	143	}
	144	else {
	145	continue;
	146	}
00479d26	147	}
00479d26	148	}
131cc2eb	149	return NULL;
00479d26	150	}
00479d26	151
ba56a28f	152	/**
5e4ccea5	153	* @deprecated
	154	*
	155	* We should use a function that checks url values.
	156	*
ba56a28f TO	157	* This is a replacement for $_REQUEST which includes $_GET/$_POST
	158	* but excludes $_COOKIE / $_ENV / $_SERVER.
	159	*
ba56a28f	160	* @return array
ba56a28f	161	*/
00be9182	162	public static function exportValues() {
ba56a28f TO	163	// For more discussion of default $_REQUEST handling, see:
	164	// http://www.php.net/manual/en/reserved.variables.request.php
	165	// http://www.php.net/manual/en/ini.core.php#ini.request-order
	166	// http://www.php.net/manual/en/ini.core.php#ini.variables-order
	167
be2fb01f	168	$result = [];
ba56a28f TO	169	if ($_GET) {
	170	$result = array_merge($result, $_GET);
	171	}
	172	if ($_POST) {
	173	$result = array_merge($result, $_POST);
	174	}
	175	return $result;
	176	}
96025800	177
5e4ccea5	178	/**
	179	* Retrieve a variable from the http request.
	180	*
	181	* @param string $name
	182	* Name of the variable to be retrieved.
	183	* @param string $type
	184	* Type of the variable (see CRM_Utils_Type for details).
	185	* Most common options are:
	186	* - 'Integer'
	187	* - 'Positive'
	188	* - 'CommaSeparatedIntegers'
	189	* - 'Boolean'
	190	* - 'String'
	191	*
	192	* @param mixed $defaultValue
	193	* Default value of the variable if not present.
	194	* @param bool $isRequired
	195	* Is the variable required for this function to proceed without an exception.
	196	* @param string $method
	197	* Where to look for the value - GET\|POST\|REQUEST
	198	*
	199	* @return mixed
54c32137	200	* @throws \CRM_Core_Exception
5e4ccea5	201	*/
	202	public static function retrieveValue($name, $type, $defaultValue = NULL, $isRequired = FALSE, $method = 'REQUEST') {
	203	$null = NULL;
	204	return CRM_Utils_Request::retrieve((string) $name, (string) $type, $null, (bool) $isRequired, $defaultValue, $method, TRUE);
	205	}
	206
b90552b7 CW	207	/**
	208	* Retrieve the component from the action attribute of a form.
	209	*
	210	* Contribution Page forms and Event Management forms detect the value of a
	211	* component (and therefore the desired tab key) by reaching into the "action"
	212	* attribute of a form and reading the final item of the path. In WordPress,
	213	* however, the URL may be urlencoded, and so the URL may need to be decoded
	214	* before parsing it.
	215	*
	216	* @see https://lab.civicrm.org/dev/wordpress/issues/12#note_10699
	217	*
	218	* @param array $attributes
	219	* The form attributes array.
	220	*
6714d8d2	221	* @return string
b90552b7 CW	222	* The desired value.
	223	*/
	224	public static function retrieveComponent($attributes) {
9c1bc317	225	$url = $attributes['action'] ?? NULL;
b90552b7 CW	226	// Whilst the following is a fallible universal test for urlencoded URLs,
	227	// thankfully the "action" URL has a limited and predictable form and
	228	// therefore this comparison is sufficient for our purposes.
	229	if (rawurlencode(rawurldecode($url)) !== $url) {
	230	$value = strtolower(basename(rawurldecode($url)));
	231	}
	232	else {
	233	$value = strtolower(basename($url));
	234	}
	235	return $value;
	236	}
	237
6a488035	238	}